#TA505 find subdomain to download #Dropper #Malware

So, if you have the main domain from #TA505 TTPs and want to download the dropper file from the actual subdomain, the following method works.

So, I found 2 TTPs today on Twitter.

But the subdomains are not listed there. Without disturbing the poster, go to https://[DOMAIN]

It will show you a certificate error page. Click on Advanced.

The following section will open; click on View Certificate.

Now you can see the subdomain names that are distributing the actual dropper files.

Now use that subdomain and add /download.php at the end to download the actual dropper Excel file.
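
The View Certificate step can also be done without a browser, which is handy when the names are going into a blocklist or a DNS hunt. This is an added example, not code from the original post: `fetch_der` and `san_dns_names` are hypothetical helper names, and it assumes the names shown in the browser dialog come from the certificate's subjectAltName extension.

```python
import socket
import ssl
import sys

SAN_OID = bytes.fromhex("0603551d11")  # DER encoding of OID 2.5.29.17 (subjectAltName)

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def san_dns_names(der):
    """Return the dNSName entries of the subjectAltName extension in a DER certificate."""
    at = der.find(SAN_OID)                  # heuristic: first occurrence of the OID bytes
    if at < 0:
        return []
    tag, start, end = _tlv(der, at + len(SAN_OID))
    if tag == 0x01:                         # optional BOOLEAN "critical" flag
        tag, start, end = _tlv(der, end)
    if tag != 0x04:                         # extnValue must be an OCTET STRING
        return []
    tag, pos, end = _tlv(der, start)        # GeneralNames SEQUENCE inside the OCTET STRING
    if tag != 0x30:
        return []
    names = []
    while pos < end:
        tag, vstart, vend = _tlv(der, pos)
        if tag == 0x82:                     # context tag [2] = dNSName
            names.append(der[vstart:vend].decode("ascii", "replace").lower())
        pos = vend
    return names

def fetch_der(host, port=443, timeout=10):
    """Fetch the leaf certificate; validation is off because the page expects a cert error."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":                  # usage: python san_names.py [DOMAIN]
    for name in san_dns_names(fetch_der(sys.argv[1])):
        print(name)
```

Run it from an isolated analysis host; the output is one DNS name per line.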